--- /dev/null
+[sec]* tmark
+ Additional runtime security checks were added
+ to kea-dhcp4,kea-dhcp6,kea-dhcp-ddns, and
+ kea-ctrl-agent
+ (Gitlab #3848)
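Review bot: the daemon list in this changelog entry lacks spaces after the commas ("kea-dhcp4,kea-dhcp6,kea-dhcp-ddns, and"), and since the entry is the user-facing record of a behaviour change it should also say what changed for operators, namely that violations are now fatal by default and that `-X` downgrades them to warnings, rather than only "Additional runtime security checks were added"; suggest "to kea-dhcp4, kea-dhcp6, kea-dhcp-ddns, and kea-ctrl-agent. Violations are now fatal unless -X is given."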
# from sources using libcfgrpt.a
$ strings src/lib/process/cfgrpt/.libs/libcfgrpt.a | sed -n 's/;;;; //p'
-- ``-X`` - As of Kea 3.0, disables path and permissions restrictions.
- The server will emit a warning at startup that sercurity restrictions
- have been disabled. Do not use this mode of operation without careful
- consideration and taking any necessary precautions. Failure to do so can
- expose deployments to security vulnerabilities. For more information
- please read section :ref:`securing-a-kea-deployment`.
+- ``-X`` - As of Kea 3.0, disables secruity restrictions. The server will
+ still check for violations but will emit warning logs when they are found
+ rather than fail with an error. Please see
+ :ref:`sec-kea-runtime-security-risk-checking` for details.
The CA is started by running its binary and specifying the configuration
file it should use. For example:
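Review bot: the added `-X` description misspells "security" as "secruity" in "disables secruity restrictions"; the same typo recurs in the identical hunk for the kea-dhcp-ddns, kea-dhcp4 and kea-dhcp6 man pages and should be fixed in all four. The removed text also carried the caution against running with `-X` without precautions; keeping a one-line pointer to that caution here (the referenced `sec-kea-runtime-security-risk-checking` section does contain a warning directive) would avoid the man page reading as if the option were routine.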
-- ``-X`` - As of Kea 3.0, disables path and permissions restrictions.
- The server will emit a warning at startup that sercurity restrictions
- have been disabled. Do not use this mode of operation without careful
- consideration and taking any necessary precautions. Failure to do so can
- expose deployments to security vulnerabilities. For more information
- please read section :ref:`securing-a-kea-deployment`.
+- ``-X`` - As of Kea 3.0, disables secruity restrictions. The server will
+ still check for violations but will emit warning logs when they are found
+ rather than fail with an error. Please see
+ :ref:`sec-kea-runtime-security-risk-checking` for details.
Upon startup, the module loads its configuration and begins listening
for NCRs based on that configuration.
-- ``-X`` - As of Kea 3.0, disables path and permissions restrictions.
- The server will emit a warning at startup that sercurity restrictions
- have been disabled. Do not use this mode of operation without careful
- consideration and taking any necessary precautions. Failure to do so can
- expose deployments to security vulnerabilities. For more information
- please read section :ref:`securing-a-kea-deployment`.
+- ``-X`` - As of Kea 3.0, disables secruity restrictions. The server will
+ still check for violations but will emit warning logs when they are found
+ rather than fail with an error. Please see
+ :ref:`sec-kea-runtime-security-risk-checking` for details.
On startup, the server detects available network interfaces and
attempts to open UDP sockets on all interfaces listed in the
-- ``-X`` - As of Kea 3.0, disables path and permissions restrictions.
- The server will emit a warning at startup that sercurity restrictions
- have been disabled. Do not use this mode of operation without careful
- consideration and taking any necessary precautions. Failure to do so can
- expose deployments to security vulnerabilities. For more information
- please read section :ref:`securing-a-kea-deployment`.
+- ``-X`` - As of Kea 3.0, disables secruity restrictions. The server will
+ still check for violations but will emit warning logs when they are found
+ rather than fail with an error. Please see
+ :ref:`sec-kea-runtime-security-risk-checking` for details.
On startup, the server detects available network interfaces and
attempts to open UDP sockets on all interfaces listed in the
running, log an unrecoverable error. For ease of use simply omit the ``path``
parameter.
+.. _sec-summary-of-path-restrictions:
+
Summary of Path Restrictions
----------------------------
to load the library. For ease of use ``library`` elements may simply omit path
components.
+The three primary Kea daemons (:iscman:`kea-dhcp4`, :iscman:`kea-dhcp6` and :iscman:`kea-dhcp-ddns`) all support a control
+channel, which is implemented as a UNIX socket. The control channel, which opens a UNIX socket, is disabled by default;
+
+.. _sec-kea-runtime-security-risk-checking:
+
+Kea Runtime Security Risk Checking
+==================================
+
+Runtime security risk checking was initially added to Kea daemons :iscman:`kea-dhcp4`,
+:iscman:`kea-dhcp6`, :iscman:`kea-dhcp-ddns`, :iscman:`kea-ctrl-agent`. in 2.7.9.
+In Kea 3.0 additional checks were added. By default, when a daemon detects a security
+risk it emits an error log and exits. The following checks are performed:
+
+- Use of unsupported file paths or permissions as detailed in :ref:`sec-summary-of-path-restrictions`
+
+- Use of clear text 'user' or 'password' in HTTP authentication (Kea 3.0)
+
+- Use of clear text 'secret' in TSIG key configuration (Kea 3.0)
+
+- Use of HTTP API channels without authentication (Kea 3.0)
+
+- Kea server running as root user. (Note this only causes a warning log and is never fatal)
+
+As of Kea 3.0, starting the daemons with the command line option, '-X',
+instructs them to warn about security risks but continue operating anyway.
+The message IDs for all such warnings are suffixed with "_SECURITY_WARN".
+
+.. warning::
+
+ Do not run servers with the '-X' option without careful consideration and taking
+ any necessary precautions. Failure to do so can expose deployments to security
+ vulnerabilities.
+
+
Kea Security Processes
======================
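Review bot: the first sentence of the new section has a stray period before "in 2.7.9" ("kea-dhcp-ddns, :iscman:`kea-ctrl-agent`. in 2.7.9"); suggest ":iscman:`kea-dhcp-ddns` and :iscman:`kea-ctrl-agent` in 2.7.9". The two lines added above the label ("...all support a control channel, which is implemented as a UNIX socket. The control channel, which opens a UNIX socket, is disabled by default;") repeat the UNIX socket point and end mid-sentence at the semicolon, so either the rest of that sentence is missing from the hunk or the fragment should be dropped. In "the command line option, '-X'," and in the warning directive, `-X` is written with single quotes while the man pages in this same change use the RST literal ``-X``; use the literal form consistently. Finally, the list says "Kea server running as root user" is only ever a warning while the lead-in states that detected risks cause an error and exit by default; that exception is correct but would read more clearly if the lead-in said "with the exception noted below".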